Create IAM Policy to restrict user

Question

Hi,
Please help me in creating IAM Policy and configure policy to user in which user should only be allowed to create specific type of instance in specific region.

regards,
malik

Answer

We answered your question five days ago here: https://repost.aws/questions/QUo1ehAu-1SxuqckgIKGFAOg/restrict-ec2-instance-type#ANEg8NF5RITmq7v-3-nj4FmQ

Answer

Below is an example policy document that allows the user to create only t2.micro instances in the us-east-1 region. You can adjust the instance types and region as needed.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:us-east-1::image/ami-*",
            "Condition": {
                "StringEquals": {
                    "ec2:InstanceType": "t2.micro",
                    "ec2:Region": "us-east-1"
                }
            }
        }
    ]
}
```
If necessary, you can modify the policy document to grant additional permissions or restrict further based on your specific requirements.

Create IAM Policy to restrict user

相關內容